ATTACHMENT A 
Amendments to the Claims 



This listing of claims will replace all prior versions, and listings, of claims in the 
application.

1. (Currently Amended) A method for carrying out an authentication process for 
authenticating a transaction with an entity (22) by means of a data processing apparatus 
(10), in which: 

the entity (22) generates transaction data relating to the transaction, and 

at least during the authentication process the data processing apparatus (10) has 
operatively associated with it a selected one of a plurality of authentication storage means 
(12) each for storing predetermined authentication information, the authentication storage 
means (12) being registrable registerable with a common system (16), 

the method including the step of carrying out the authentication process via a 
communications link with that system (16), the authentication process being carried out 
by authenticating means (102) incorporated in the system (16) and involving the use of 
the predetermined authentication information stored by the selected one authentication 
storage means (12) and the transaction data, 

wherein in order to authenticate the transaction, the transaction data is transmitted 
between the data processing apparatus (10) and the system via a transaction manager 
(14) implemented by the data processing apparatus, and the predetermined authentication 
information is also transmitted between the authentication storage means (12) and the 
system (16) via the transaction manager (14). 

2. (Currently Amended) A method according to claim 1, in which the predetermined 
authentication information stored by each authentication storage means (12) corresponds 
to information which is used to authenticate a user of that authentication storage means 
(12) in relation to the system (16). 

3. (Currently Amended) A method according to claim l-eiF^, wherein the system (16) is 
a telecommunications system. 

4. (Cancelled) 

5. (Currently Amended) A method according to claims claim l,3r3^"Oi=-4r wherein each 
user is authenticated in the telecommunications system by means of the use of a smart 
card or subscriber identity module (e.g. SIM), and in which the authentication storage 
means (12) respective to that user corresponds to or simulates the smart card for that user. 

6. (Original) A method according to claim 5, wherein the smart card or SIM 
authenticates the transaction when the smart card or SIM is operable in a terminal usable 
in a mobile and/or cellular telecommunications system. 

7. (Original) A method according to claim 6, wherein the smart card or SIM is operable 
to authenticate the terminal in the mobile and/or cellular telecommunications system. 

8. -10. (Cancelled) 

11. (Currently Amended) A method according to claim 1 4:0, in which the authentication 
storage means (12) is incorporated on a data carrier for the data or software for use by 
that data processing apparatus. 

12. (Currently Amended) A method according to any preceding claim 1, in which the 
authentication process involves the sending of a message and the generation of a 
response dependent on the message and the predetermined information. 

13. -16. (Cancelled) 

17. (Currently Amended) A method according to any preceding claim^ including 
operatively coupling the authentication storage means (12) to a carrier (32). 

18. (Cancelled) 

19. (Currently Amended) A method according to claim 4^ 17, wherein the carrier (32) is 
operatively coupled to the data processing apparatus (10) by a wireless link. 

20. (Currently Amended) A method according to any of claims claim 17 to 19, wherein 
the authentication storage means (12) is removably coupled to the carrier (32). 

21. (Cancelled) 

22. (Currently Amended) A method according to claim 173}-, comprising using said 
carrier (32) to obtain security data independently of the data processing apparatus (10), 
and analysing the security data for determining whether to allow access to the 
predetermined information. 

23. (Original) A method according to claim 22, wherein the security data is obtained by 
alphanumeric data entry means. 

24. (Cancelled) 

25. (Currently Amended) A method according to claim 22, 23 or 24, wherein the security 
data comprises a Personal Identification Number (PIN) and the analysing step compares 
the PIN obtained by the security data entry means with a PIN stored on the authentication 
storage means and only allows access to the predetermined information when the 
respective PINs match. 

26. (Cancelled) 

27. (Currently Amended) A method according to any one of claims claim 17 21 to 26, 
wherein communication with the data processing apparatus (10) is controlled by a data 
processing module (36). 

28. -29. (Cancelled) 

30. (Currently Amended) A method according to claim 27, 28 or 29, wherein the data 
processing module of the carrier (32) decrypts encrypted data received from the data 
processing module (38) of the data processing apparatus (10). 

31. (Currently Amended) A method according to claim 27, 28, 29 or 30, wherein the data 
processing module (36) of the carrier (32) encrypts data transmitted to the data 
processing module (38) of the data processing apparatus (10). 

32. (Currently Amended) A method according to claim 30-fmd"34, wherein the 
respective data processing modules (36,38) comprise a key (40,42) for allowing 
encryption and/or decryption of data. 

33. (Currently Amended) A method according to claim 32, wherein the key (40,42) 
comprises a shared secret key for each of the respective data processing modules (36,38). 

34. (Currently Amended) A method according to any one of claims claim 17 to 33, 
wherein the carrier (32) is operatively coupled to a plurality of authentication storage 
means (12) for respectively enabling the said authentication process and one or more 
other authentication processes. 

35. (Cancelled) 

36. (Currently Amended) A method according to any preceding claim 1, including 
routing communications between the authentication storage means (12) and the system 
(16) via the transaction manager (14). 

37. (Currently Amended) A method according to any preceding claim 1, wherein the 
transaction manager (14) is implemented by the data processing apparatus. 

38. (Currently Amended) A method according to any preceding claim 1, wherein the 
transaction manager (14) detects the operative coupling of the authentication storage 
means (12). 

39. (Currently Amended) A method according to claim 36, 37 or 38, wherein the 
transaction manager (14) transmits data relating to an authenticated transaction to the 
entity (22) to which that transaction relates. 

40. -51. (Cancelled) 

52. (Currently Amended) Data processing apparatus (10) in combination with a selected 
one of a plurality of authentication storage means (12) each for storing predetermined 
authentication information relating to the carrying out of an authentication process for 
authenticating a transaction with an entity (22) by means of the data processing 
apparatus (10), the entity (22) being operable to generate transaction data relating to the 
transaction, and the authentication storage means (12) all being registrable with a 



223LT:20304:3 1206: 1 :ALEXANDRIA 



common system (16), the authentication storage means (12) when operatively associated 
with the data processing apparatus (10) being operative to carry out the authentication 
process via a communications link with that system (16), the authentication process being 
carried out by authenticating means (102) incorporated in the system (16) and involving 
the use of the predetermined authentication information stored by the selected one 
authentication storage means (12), wherein in order to authenticate the transaction, the 
transaction data is transmitted between the data processing apparatus (10) and the system 
(16) via a transaction manager (14) implemented by the data processing apparatus (10), 
and the predetermined authentication information is also transmitted between the 
authentication storage means (12) and the system via the transaction manager (14). 

53. (Currently Amended) Apparatus according to claim 52, in which the predetermined 
authentication information stored by each authentication storage means (12) corresponds 
to information which is used to authenticate a user of that authentications storage means 
(12) in relation to the system (16). 

54. (Currently Amended) Apparatus according to claim 52 or 53, wherein the system is 
a telecommunications system (16). 

55. (Cancelled) 

56. (Currently Amended) Apparatus according to claim 53, 54 or 55, in which each user 
is authenticated in the telecommunications system by means of the use of a smart card or 
subscriber identity module (e.g. SIM), and in which the authentication storage means (12) 
respective to that user corresponds to or simulates the smart card for that user. 

57. (Original) Apparatus according to claim 56, wherein the smartcard or SIM is 
operable in a terminal usable in a mobile and/or cellular telecommunication system to 
authenticate the transaction. 

58. (Original) Apparatus according to claim 57, wherein the smartcard or SIM is 
operable to authenticate the terminal in the mobile and/or cellular telecommunication 
system. 

59. -60. (Cancelled) 

61. (Currently Amended) Apparatus according to any one of claims claim 52 to 60, in 
which the authentication process involves the sending of a message and the generation of 
a response dependent on the message and the predetermined information. 

62. -65. (Cancelled) 

66. (Currently Amended) Apparatus according to any one of claims claim 52 to 65, 
wherein a carrier is provided for the authentication storage means (12) and the 
authentication storage means is operatively couplable to the carrier (32). 

67. (Cancelled) 

68. (Currently Amended) Apparatus according to claim 66 including means for 
allowing wireless communication between the carrier and the data processing 
apparatus (10). 

69. (Currently Amended) Apparatus according to claim 66, 67 or 68, including means 
for removably coupling the carrier (32) to the authentication storage means (12). 

70. (Cancelled) 



71. (Currently Amended) Apparatus according to claim 66 70, wherein the carrier (32) 
includes means (46) for obtaining security data independently of the data processing 
apparatus (10) and means for analysing the security data for determining whether to 
allow access to the predetermined information. 

72. (Currently Amended) Apparatus according to claim 71, wherein the carrier (32) 
comprises alphanumeric data (46) entry means for allowing the security data to be 
obtained. 

73. (Cancelled) 

74. (Currently Amended) Apparatus according to claim 71, 72 or 73, wherein the 
security data comprises a personal identification number (PIN) and the analysing means 
is operable to compare the PIN obtained by the security data entry means with a PIN 
stored on the authentication storage means (12) and for only allowing access to the 
predetermined information when the respective PINs match. 

75. (Cancelled) 

76. (Currently Amended) Apparatus according to any one of claims claim 66 70 to 75, 
wherein the carrier (32) comprises a data processing module (36) for controlling 
communication with the data processing apparatus (10). 

77. - 78. (Cancelled) 

79. (Currently Amended) Apparatus according to claim 76, 77 or 78, wherein the data 
processing module (36) of the carrier (32) includes means for decrypting encrypted data 
received from the data processing module (38) of the data processing apparatus (10). 

80. (Currently Amended) Apparatus according to claim 76, 77, 78 or 79, wherein the data 
processing module (36) of the carrier (32) encrypts data transmitted to the data 
processing module (38) of the data processing apparatus (10). 

81. (Currently Amended) Apparatus according to claim 79 or 80, wherein the respective 
data processing modules comprise a key (40,42) for allowing encryption and/or 
decryption of data. 

82. (Currently Amended) Apparatus according to claim 81, wherein the key (40,42) 
comprises a shared secret key for each of the respective data processing modules (36,38). 

83. (Currently Amended) Apparatus according to any one of claims claim 66 to 82, 
wherein the carrier (32) includes means for operatively coupling the carrier to a plurality 
of authentication storage means (12) for respectively enabling the said authentication 
process and one or more other authentication processes to be performed. 

84. (Cancelled) 

85. (Currently Amended) Apparatus according to any one of claims claim 52 to 84, 
wherein data communications between the authentication storage means (12) and the 
system (16) are routed via the transaction manager (14). 

86. (Currently Amended) Apparatus according to any one of claims claim 52 to 85, 
wherein the transaction manager (44) is implemented by the data processing apparatus 



87. (Currently Amended) Apparatus according to any one of claims claim 52 to 84, 
wherein the transaction manager (14) is operable to detect the operative coupling of the 
authentication storage means (12) to the data processing means (10). 

88. (Currently Amended) Apparatus according to any one of claims claim 52 to 87, 
wherein the transaction manager (14) is operable to transmit data relating to an 
authenticated transaction to the entity (22) to which that transaction relates. 

89. - 100. (Cancelled) 

101. (Currently Amended) A device (32) for coupling to data processing apparatus (10) 
for enabling an authentication process involving the use of separate authenticating means 
(102), the device (32) being configured to provide a plurality of separately activatable 
authentication information records for use in the authentication process, the 
authentication information records being registered with a system (16) including the 
authenticating means (102), the device (32) being responsive to an input message for 
deriving a response dependent on the input message and on the activated authentication 
information record for enabling the authenticating means (102) to carry out the 
authentication process via a communication link with the authenticating means (102) in 
the said system (16) whereby to authenticate a transaction. 

102. (Original) The device of claim 101, including means for receiving a smart card or 
SIM which carries said plurality of authentication information record. 

103. (Original) The device of claim 101, including means for receiving a plurality of 
smart cards or SIMs, each of which carries one of said plurality of authentication 
information records. 

104. (Original) The device of claim 101, including means for releasably coupling one or 
a plurality of smart cards or SIMs thereto, the authentication information records being 
stored on the smart card(s) or SIM(s). 

105. (Original) The device of claim 101, including means for receiving one or a 
plurality of smart cards or SIMs and for permanently coupling the smart card(s) or 
SIM(s) to the device. 

106. (Original) The device of claim 101, including a data store for storing said plurality 
of separately activatable authentication information records. 

107. (Currently Amended) The device of any of claims claim 101 to 106, wherein the 
plurality of authentication information records are selectively activated in response to a 
user input. 

108. (Original) The device of claim 107, wherein the user input is provided by 
activation of a switch. 

109. (Currently Amended) The device of any of claims claim 101 to 106, wherein the 
plurality of authentication information records are selectively activated in response to a 
signal received from the data processing device. 

110. (Currently Amended) An authentication system for authenticating transactions of 
users registered with that system to enable a transaction with another system (33) to be 
authenticated, the authentication system including authentication means (102) for sending 
an authentication message in response to an authentication request from a subscriber and 
for receiving and analysing a response thereto to determine if the received response 
corresponds to an expected response to authenticate the identity of the user; and security 
token generating means (102) for generating a security token for use in performing a 
transaction with the other system (33). 

111. (Original) The system of claim 110, wherein the security token includes data 
indicative of the identity of the user. 

112. (Currently Amended) The system of claim 110 or 111, wherein the security token 
includes data indicative of the nature of the transaction. 

113. (Currently Amended) The system of claim 110, 111 or 112, including means (102) 
for receiving a returned security token and for analysing the returned security token to 
determine its integrity and for providing a service in response to receipt of the returned 
security token. 

114. (Original) The system of claim 113, wherein the service is the processing of a 
payment associated with the transaction. 

115. (Currently Amended) The system of claim 1 10,- 1. 11, 11 2, 1 \. ^^-m-444: including a 
register for storing data relating to a user for use in performing transactions. 

116. (Original) The system of claim 115, including means for transmitting the user data 
in response to a request from the user. 

117. (Original) The system of claim 115, including means for transmitting the user data 
in response to receipt of a returned security token. 

118. (Currently Amended) The system of claim 115, 116 or 117, including means for 
transmitting the user data in response to receipt of a returned security token, and wherein 
the register stores for each user separate data records for each of a plurality of other 
services with which the user performs transactions, and wherein only user data for a 
particular service is provided in response to a request for user data. 

119. (Currently Amended) The system of claim 118 when dependent on claim 117, 
wherein the returned security token is analysed to determine to which service it relates, 
and in response thereto user data for that service is provided to that service. 

120. (Original) A system for storing user data for use in performing transactions with a 
plurality of service providers, wherein for each user a plurality of data records are stored 
for use when performing transactions with respective service providers, and wherein only 
a data record relevant to a particular service provider is made available in response to a 
request on behalf of that service provider. 

121. (Original) The system of claim 120, including means for authenticating a request 
for user data on behalf of a service provider. 

122. (Original) A data packet for use in authenticating and performing a transaction 
between a client and a product or service provider, the data packet including data 
indicative of the product or service provider identity such that the data packet is only 
useable to authenticate and perform a transaction with that product or service provider. 

123. (Original) The data packet of claim 122, wherein the data packet includes data 
indicative of the client identity such that the data packet is only useable to authenticate 
and perform a transaction with that client. 

124. (Currently Amended) An authentication system for authenticating transactions 
between a client and a product or service provider, including means for generating a data 
packet according to claim 122 or 123 and means for transmitting the data packet to the 
service provider. 

125. (Currently Amended) A method of facilitating transactions between a plurality of 
users registered with an authentication system (M) and plurality of product or service 
providers (22), the method including: 

providing each user with authentication storage means (12) storing predetermined 
authentication information, each authentication storage means being coulpleable 
couplable to data processing apparatus (10) for data exchange therewith; 

generating in response to a request, made using data processing apparatus (10), 
from a user to a product or service provider a transaction request data packet including 
data indicative of the identity of the user and the identity of the product or service 
provider (22); 

transmitting the transaction request data packet to the authentication system (102) 
via the data processing apparatus (10); 

analysing in the authentication system (102) the transaction request data packet 
and extracting therefrom the identity of the user; 

transmitting from the authentication system (102) an authentication request signal 
to the user's authentication storage means (12) via the data processing apparatus (10); 

receiving via the data processing apparatus (10) a response from the user's 
authentication storage means at the authentication system (102); 

analysing said response at the authentication system (102) to determine whether 
said response corresponds to an expected response with reference to knowledge of said 
predetermined authentication information for that user; 

generating an authentication token and providing this to the product or service 
provider (22) via the data processing apparatus (10), the authentication token indicating 
to the product and service provider that the user is authenticated by the authentication 
system (102). 

126. (Original) The method of claim 125, wherein the authentication token includes data 
indicative of the product or service provider that generated the transaction request data 
packet corresponding to the authentication token. 

127. (Currently Amended) The method of claim 125 or 126, wherein the authentication 
token includes data indicative of the user. 

128. (Currently Amended) The method of claim 125, 126 or 127, including receiving 
from the service provider (22) at the authentication system (102) a request for payment 
token, including the authentication token to which it relates, checking the validity of the 
authentication token prior to authorising a payment to the product or service provider 
from the user's account with the authentication system (102). 

129. (Currently Amended) A method for carrying out an authentication process for 
authenticating a subsequent transaction by any one of a plurality of users with an entity 
(22) by means of data processing apparatus (10), in which: 

the entity (22) generates transaction data relating to the transaction, and 
during the authentication process the data processing apparatus (10) has operatively 
associated with it a selected one of a plurality of authentication storage means (12) 
respective to the users, each authentication storage means (12) storing predetermined 
authentication information and being registerable with a common telecommunications 
system (16) for which the users have respective telecommunications terminals; 

the method including the step of carrying out the authentication process via a 
communications link with the common telecommunications system (16), the 
authentication process being carried out by authenticating means (102) incorporated in 
the telecommunications system (16) and involving the use of the predetermined 
authentication information stored by the selected one authentication storage means (12), 
the predetermined authentication information stored by each authentication storage 
means (12) corresponding to information which is used to authenticate that user's 
telecommunications terminal in relation to the telecommunications system (16) but the 
authentication process for authenticating the transaction by that user with the data 
processing apparatus (10) not requiring use of that user's telecommunications terminal 
nor requiring the telecommunications terminal to be actually authenticated by that 
information in relation to the telecommunications system (16); 

wherein in order to authenticate the transaction, the transaction data is transmitted 
between the data processing apparatus (10) and the system (16) via a transaction manager 
(14) implemented by the data processing apparatus (10), and the predetermined 
authentication information is also transmitted between the authentication storage means 
(12) and the system (16) via the transaction manager (14). 






